This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

That might explain why almost nobody passes the test the first time.

It sounds like you're being very smart about this.

Thanks for sharing these books, please post any more that you really wish you had read first.

I want to make sure I'm ready to get the most from the course and I'm planning on just extending 90 days right at the start to make it a non issue.

Another day, another server ? I rooted another one. And this time, I have to say it was really really cool meaning -without spoiling it for the others- that I came across something that I said: Hey I might use this on server X, I tried it, and it worked.

Puts the counter on 5 servers rooted so far. Let's do some more reading further on the day and try another one tomorrow.

Instead of trying several servers at once, I now try to take 1 server out per day and try to hack it. Focused on only 1 server. It seems to be a little less frustrated and let me go deeper on the server but it makes me need to read more and more :-)

Do the servers contain any data that assists you exploiting other systems? Lists of usernames, fake company info, docs, browser history, cookies, etc.. or are just a clean image a server OS with patches missing or hackable services running? Does a hashdump on one help you on others?

Most servers can be compromised directly, but you will occasionally require information or functionality from another system. You should investigate each application, service, and system thoroughly as you go. Don't assume each system exists in a bubble.

Last edited by dynamik on Sun Sep 02, 2012 10:11 am, edited 1 time in total.